Microsoft is expected to release a security patch to address a Critical vulnerability

Discussion in 'Windows News' started by whoosh, Dec 13, 2009.

  1. whoosh

    whoosh Cooler King
    Staff Member Premium Supporter

    Apr 15, 2009
    Likes Received:
    Microsoft will Issue a Critical Patch Next Week for Windows 7 IE8 | Windows 7 News

    Microsoft is expected to release a security patch to address a Critical vulnerability in IE8. For December, Microsoft is planning to release six new security bulletins that are expected different vulnerabilities in several Windows products. Some of the vulnerabilities are in Windows7, some in Internet Explorer 8, and some in Microsoft Office Products. On the office side the vulnerabilities affect Project, Word, and Worlks 8.5.
    Microsoft Security Response Center

    There is a range to the bulletins including three that are Critical and three that are considered Important. The Microsoft Security Bulletin Summary for December 2009 outlines these vulnerabilities:
    • Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution
    • Vulnerability in Microsoft Office Project Could Allow Remote Code Execution
    • Cumulative Security Update for Internet Explore
    • Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution
    • Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service
    • Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution
    [​IMG] Vulnerability Table

    Proof of Concept for the security flaws was released to the public recently, which prompted Microsoft’s response. In computer security the term proof of conceptis often used as a synonym for a zero-day exploit which, mainly for its early creation, does not take full advantage of some vulnerability. The zero-day, the day of release, means that the item in question, in this case the software IE8 has a weakness that has not been fully exploited. But for Microsoft the weakness will be addressed in the patch upgrade.
    [​IMG] Vulnerability Table Windows 7

    According to a Microsoft Spokesman, Jerry Bryant, security program manager, â€Â￾ The IE update maps to bulletin number 4 in the ANS and will be at the top of our deployment priority list. The other critical update affecting Windows (bulletin number 1) will have a lower Exploitability Index rating, so while the impact is higher with a critical severity rating, the lower risk will drop the deployment priority down a little. The final critical update affecting Microsoft Project (bulletin number 3), is only critical for Project 2000. The other affected versions are important. That coupled with a lower Exploitability Index will also drive it down on the deployment priority list. Customers have asked us to map the numbered bulletins in the ANS to the final bulletin ID’s after release so we will be doing that in the blog post here on Tuesday.â€Â￾
    The vulnerability table for Server 2008
    [​IMG] Vulnerability Table: Server 2008

    The Office Suite Vulnerability Table:
    [​IMG] Vulnerability Table: Office Suite

Share This Page